Privacy Policy

Effective date: 5 May 2026 Last updated: 5 May 2026

This Privacy Policy describes how FitConnect (“we”, “us”, “our”) collects, uses, and shares information when you use the FitConnect mobile application (the “App”). FitConnect is a discovery platform that helps clients find personal trainers and helps trainers list their services. We do not process or facilitate payments between clients and trainers — those arrangements happen privately, outside the App.

If you have questions about this policy, contact us at alem.zukic77@gmail.com.

1. Information we collect

1.1 Account information

When you create an account, we collect:

If you sign up with Google or Apple Sign-In, we receive the same fields from those providers.

1.2 Trainer profile information

If you register as a trainer, we additionally collect:

1.3 Client activity

If you register as a client, we additionally collect:

1.4 Health data (optional, opt-in)

On iOS we may read health metrics from Apple HealthKit (steps, active calories, heart rate, active minutes). On Android, the equivalent comes from Health Connect. Health data is read on-device and never leaves your phone unless you explicitly opt in to share it with a trainer via the Wearable Settings screen. When sharing is enabled, daily snapshots are stored in our database under your user account, and only trainers you have booked with can read them.

1.5 Location

With your permission, we use your device GPS to:

We do not store your real-time location on our servers. Trainers’ own self-declared location coordinates are stored to render them on the map.

1.6 Chat messages

Messages between you and trainers/clients you connect with are stored on our servers so they sync across your devices. Only the participants in a chat thread can read its messages.

1.7 Boost token purchases

When you (as a trainer) buy “boost credits” via Apple In-App Purchase, we receive from Apple/RevenueCat:

We do not receive your credit card number, full billing address, or any direct payment details. Apple handles all payments.

1.8 Push notification tokens

If you grant notification permission, we store an Expo push token tied to your user account so we can deliver booking and chat notifications.

1.9 Diagnostic data

We use Firebase services which automatically collect basic diagnostic information (crash reports, performance metrics, device model, OS version) to help us fix bugs and improve performance.

2. How we use your information

We use the data above to:

3. Sharing with third parties

We rely on the following third-party services. Each is a “data processor” acting on our behalf, except where noted:

Service Purpose Data shared
Firebase Authentication Account sign-in Email, OAuth tokens
Cloud Firestore App data storage All app content (profiles, bookings, chats)
Firebase Cloud Storage Photo and gallery storage Uploaded images
Firebase Cloud Functions Backend processing (IAP webhooks, etc.) Internal — Apple App Store transaction data
Firebase Cloud Messaging Push notifications Push tokens, notification payloads
Apple App Store In-App Purchases (boost credits) Apple ID-linked transaction data
RevenueCat IAP delivery confirmation and analytics Anonymized user ID, product, transaction ID
Google Maps & Places APIs Map tiles and gym discovery Location queries (no user identifier)
Apple HealthKit (iOS) On-device health data — does not leave device None to us unless opt-in
Android Health Connect On-device health data — does not leave device None to us unless opt-in
Expo Push Service Push notification delivery Push tokens, notification payloads

We do not sell your personal data. We do not share data with advertising networks.

We may disclose information when required by law, to enforce our Terms of Service, or to protect the rights, property, or safety of our users.

4. Public profile information

Trainer profiles (display name, photo, city, specializations, ratings, gallery) are visible to all authenticated users of the App so clients can discover them. Client profiles are not publicly listed; only trainers you book with will see your name and photo in the booking record.

5. Data retention

We retain your data for as long as your account is active. If you delete your account (Profile → Delete Account), we permanently remove:

Some records may persist briefly in encrypted backups for up to 30 days before being automatically purged.

6. Security

We use industry-standard encryption in transit (HTTPS / TLS) and at rest (Firebase managed encryption). Authentication tokens are stored in secure device storage (iOS Keychain / Android Keystore). However, no system is perfectly secure, and we cannot guarantee absolute security.

7. Your rights

Depending on your jurisdiction (e.g., GDPR for EU residents, CCPA for California residents), you may have the right to:

To exercise these rights, email alem.zukic77@gmail.com from the email address associated with your account.

8. Children

The App is not directed to children under 17. We do not knowingly collect information from children under 17. If you believe a child has registered, contact us and we will remove the account.

9. International transfers

Our servers (Firebase / Google Cloud) are located in the United States and the European Union. By using the App you consent to the transfer of your data to these regions, where data protection laws may differ from those in your country.

10. Changes to this policy

We may update this policy from time to time. Material changes will be announced in the App and reflected in the “Last updated” date above. Your continued use of the App after a change means you accept the updated policy.

11. Contact

Questions, requests, or concerns: alem.zukic77@gmail.com